<?php

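define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined

// Name the session cookie; this has to happen before session_start()
session_name('tzLogin');

// Session cookie: 2-week lifetime, hidden from JavaScript (HttpOnly) and
// marked Secure when this request arrived over HTTPS. Path and domain keep
// whatever php.ini configured. Behind a TLS-terminating proxy $_SERVER['HTTPS']
// may be unset, in which case the php.ini "secure" setting is what applies.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$cookieDefaults = session_get_cookie_params();
session_set_cookie_params(
	2*7*24*60*60,
	$cookieDefaults['path'],
	$cookieDefaults['domain'],
	$isHttps || $cookieDefaults['secure'],
	true
);

session_start();

// Site-relative URL of the current request, used as the post-form redirect target.
// It is deliberately built WITHOUT $_SERVER['HTTP_HOST']: the Host header is chosen
// by the client, and the old "http://" prefix also downgraded HTTPS pages on redirect.
// Leading slashes/backslashes are collapsed so the value can never be read as a
// protocol-relative URL ("//other-host/...").
// NOTE(review): $currentPage used to be an absolute URL; confirm no other file that
// includes this one depends on the scheme/host part.
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$currentPage = '/' . ltrim($requestUri, "/\\");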

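// "Forget me on browser restart": the session cookie outlives the browser session,
// while tzRemember is set without an expiry and disappears when the browser closes.
// A logged-in session without that cookie and without the rememberMe flag is ended.
// empty() is used so anonymous visitors do not trigger undefined-index notices.
// NOTE(review): tzRemember is supplied by the client, so this is a convenience for
// cooperative browsers and not a server-side session timeout.
if(!empty($_SESSION['id']) && !isset($_COOKIE['tzRemember']) && empty($_SESSION['rememberMe']))
{
	// Drop the in-memory data first, then the stored session
	$_SESSION = array();
	session_destroy();
}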


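// Log the user out when ?logoff is present in the URL.
// NOTE(review): this is a state change triggered by a plain GET, so any link or
// embedded resource pointing here logs the user out; a POST with a CSRF token
// would be the stricter design.
if(isset($_GET['logoff']))
{
	$_SESSION = array();

	// Expire the session cookie as well, so the old session id is not presented
	// again on the next visit.
	if(ini_get('session.use_cookies'))
	{
		$params = session_get_cookie_params();
		setcookie(
			session_name(),
			'',
			time() - 42000,
			$params['path'],
			$params['domain'],
			$params['secure'],
			$params['httponly']
		);
	}

	session_destroy();

	header("Location: index.php");
	exit;
}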

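// Form handling for the Login and Register forms. Both branches end with a redirect
// to $currentPage (built earlier in this file), passing any error messages through
// $_SESSION['msg'].
//
// NOTE(review): this code depends on ext/mysql (mysql_* functions), which was
// deprecated in PHP 5.5 and removed in PHP 7.0. mysql_real_escape_string() is only
// reliable when the connection charset was set with mysql_set_charset(); connect.php
// is not visible here, so confirm that. Prepared statements (mysqli or PDO) are the
// long-term fix and need connect.php changed as well.
// NOTE(review): passwords are stored as unsalted MD5. Moving to password_hash() /
// password_verify() needs PHP >= 5.5, a wider password column and a rehash-on-login
// migration, none of which can be done from this block alone.
if(isset($_POST['submit']) && $_POST['submit']==='Login')
{
	// Will hold our errors
	$err = array();

	// Fields may be missing or sent as arrays (username[]=...); treat both as empty
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	$rememberMe = isset($_POST['rememberMe']) ? (int)$_POST['rememberMe'] : 0;

	if($username === '' || $password === '')
		$err[] = 'All the fields must be filled in!';

	if(!count($err))
	{
		$safeUsername = mysql_real_escape_string($username);

		// The password is escaped BEFORE hashing because registration does the same;
		// changing the order would invalidate stored hashes of passwords that
		// contain characters the escaping rewrites.
		$passwordHash = md5(mysql_real_escape_string($password));

		$query = mysql_query(sprintf("SELECT user_id,username FROM users WHERE username='%s' AND password='%s'", $safeUsername, $passwordHash));

		if($query === false)
		{
			// Keep database error details in the server log instead of printing them
			error_log('Login query failed: ' . mysql_error());
			$err[] = 'Login is temporarily unavailable. Please try again later.';
		}
		else
		{
			$row = mysql_fetch_assoc($query);

			if($row && $row['username'])
			{
				// Issue a fresh session id at the privilege change, so an id that was
				// known before login is not carried into the authenticated session
				session_regenerate_id(true);

				// Store some data in the session
				$_SESSION['user'] = $row['username'];
				$_SESSION['id'] = $row['user_id'];
				$_SESSION['rememberMe'] = $rememberMe;

				// Browser-session cookie; its absence after a restart ends the login
				setcookie('tzRemember',$rememberMe);
			}
			else $err[]='Wrong username and/or password!';
		}
	}

	// Save the error messages in the session
	if($err)
		$_SESSION['msg']['login-err'] = implode('<br />',$err);

	// The redirect target is whatever $currentPage holds; it must stay a same-site URL
	header("Location: " . $currentPage);
	exit;
}
else if(isset($_POST['submit']) && $_POST['submit']==='Register')
{
	// If the Register form has been submitted

	$err = array();

	// Fields may be missing or sent as arrays; normalise all of them to strings
	$fields = array();
	foreach(array('username','password','email','first_name','last_name') as $name)
	{
		$fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
	}

	// The enforced minimum is 4 characters; the message previously said 3
	if(strlen($fields['username'])<4 || strlen($fields['username'])>32)
	{
		$err[]='Your username must be between 4 and 32 characters!';
	}

	if(preg_match('/[^a-z0-9\-\_\.]+/i',$fields['username']))
	{
		$err[]='Your username contains invalid characters!';
	}

	if(!checkEmail($fields['email']))
	{
		$err[]='Your email is not valid!';
	}

	// Without this check an account could be created with an empty password
	if($fields['password'] === '')
	{
		$err[]='You must choose a password!';
	}

	if(!count($err))
	{
		// first_name / last_name are stored as submitted (SQL-escaped only), so any
		// page that prints them has to HTML-escape them on output.
		$sql = sprintf(
			"INSERT INTO users(username,password,email,first_name,last_name,date_registered) VALUES('%s','%s','%s','%s','%s',NOW())",
			mysql_real_escape_string($fields['username']),
			md5(mysql_real_escape_string($fields['password'])), // same escape-then-hash order as login
			mysql_real_escape_string($fields['email']),
			mysql_real_escape_string($fields['first_name']),
			mysql_real_escape_string($fields['last_name'])
		);

		$inserted = mysql_query($sql);
		$user_id = mysql_insert_id($link);

		if($inserted && mysql_affected_rows($link)==1)
		{
			// New account is logged in immediately: rotate the session id first
			session_regenerate_id(true);

			$_SESSION['user'] = $fields['username'];
			$_SESSION['id'] = $user_id;
		}
		else
		{
			// Presumably a unique-key violation on username/email - verify against the schema
			$err[]='This username and or email have already been used.';
		}
	}

	if(count($err))
	{
		$_SESSION['msg']['reg-err'] = implode('<br />',$err);
	}

	// The redirect target is whatever $currentPage holds; it must stay a same-site URL
	header("Location: " . $currentPage);
	exit;
}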

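// Inline JavaScript emitted by the page template: it re-opens the sliding panel
// when the previous request left an error message in the session.
// empty() avoids undefined-index notices when no message was stored.
$script = '';

if(!empty($_SESSION['msg']['reg-err']))
{
	// Registration failed: show the panel and re-open the register dialog

	$script = '
	<script type="text/javascript">
	
		$(function(){
		
			$("div#panel").show();
			$("#toggle a").toggle();
                        $("#dialogRegister").dialog("open"); 
		});
	
	</script>';

}

// Checked second on purpose: a login error replaces the registration script
if(!empty($_SESSION['msg']['login-err']))
{
	$script = '
	<script type="text/javascript">
	
		$(function(){
		
			$("div#panel").show();
			$("#toggle a").toggle();
		});
	
	</script>';

}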
?>
